Add in-scope/out-scope subsections to SECURITY-INSIGHTS.yml

[psschwei]

#SecuritySlam

What would you like to be cleaned:

When the SECURITY-INSIGHTS.yml file was initially created in https://github.com/kubernetes-sigs/kueue/pull/1469, the in-scope / out-scope subsections of the vulnerability-reporting section were omitted, as it was not entirely clear which of the OWASP Top 10 were in/out of scope. Someone with more knowledge of the project should update the SECURITY-INSIGHTS.yml file to include this section.

Why is this needed:

Adding this section will improve the project's score on the CLOMonitor site.

/sig release

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle stale
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[tenzen-y]

/remove-lifecycle stale

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle stale
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[tenzen-y]

/remove-lifecycle stale